Key point 4-04. Many states recognize "invasion of privacy" as a basis for liability. Invasion of privacy may consist of any one or more of the following: (1) public disclosure of private facts; (2) use of another person's name or likeness; (3) placing someone in a "false light" in the public eye; or (4) intruding upon another's seclusion.
Key point 8-29. Employees may have a limited right of privacy in their workspace that may extend to the contents of their desk and cabinet drawers, and employer-provided computers. This right of privacy can be superseded by a policy that clearly authorizes the employer to inspect these items.
A federal district court in California ruled that an employer did not commit an invasion of privacy by reading text messages and email that were accessible on a former employee's employer-provided cell phone following his dismissal.
An employee ("Gary") of a for-profit business (the "defendant") informed his employer that he had taken a job with one of its competitors. Upon learning of Gary's intent to pursue other employment, the defendant immediately dismissed him.
While employed with the defendant, Gary was assigned a company-owned iPhone and iPad for both work and personal purposes. Thereafter, Gary created and paid for a personal Apple account that was linked to both devices. He returned both devices to the defendant after his termination.
Gary's new employer provided him a new iPhone. At some point thereafter, Gary registered or linked his new iPhone to the same personal Apple account he had previously used while working for the defendant. This process "synced" the new iPhone with Gary's personal Apple account.
Several weeks later, when he received a new iPad from his new employer, Gary linked the new iPad to his personal Apple account. In the process of registering the iPad, he discovered the telephone number associated with his former iPhone was still linked to his personal Apple account. Because he had failed to unlink the former iPhone from his account, his private electronic data and electronic messages, including text messages sent to and from his new iPhone, also were transmitted to the previous iPhone which he had returned to the defendant. Gary then deleted the old iPhone number from his account to ensure that his new Apple products were not in any way linked to the old account.
Gary claimed that after his departure, the defendant began actively investigating his post-employment acts, conduct, and communications. In the course of its investigation, the defendant allegedly invaded his privacy by accessing, intercepting, monitoring, reviewing, storing and using his post-employment private electronic data and electronic communications (including but not limited to text messages sent and received from his new iPhone) without consent.
Based on its investigation, the defendant sued Gary for breach of contract, misappropriation of trade secrets, and breach of the fiduciary duty of loyalty. Gary responded by counter-suing the defendant for invasion of privacy. The gist of the counterclaim was that the defendant improperly read the text messages that were inadvertently transmitted to his prior iPhone. The defendant asked the court to dismiss Gary's counterclaim.
Invasion of privacy for accessing Gary's personal text messages
The court began its opinion by noting that an invasion of privacy claim based on intruding upon another's seclusion has two elements: "First, the defendant must intentionally intrude into a place, conversation, or matter as to which the plaintiff has a reasonable expectation of privacy. Second, the intrusion must occur in a manner highly offensive to a reasonable person." The court added that invasion of privacy can occur "only if the plaintiff had an objectively reasonable expectation of seclusion or solitude in the place, conversation or data source."
Gary claimed that, as a matter of law, an employee has a reasonable expectation of privacy with respect to text messages contained on employer-owned mobile telephones, and he cited two cases in support of this conclusion.
(1) In City of Ontario v. Quon, 560 U.S. 746 (2010), a police officer was issued a pager by his police department which was subject to a limit on the number of characters that could be sent and received each month. After becoming concerned that the officer was repeatedly exceeding his character limit, the police department obtained transcripts of the text messages from the wireless carrier to ascertain whether the texts were work-related or personal. After finding that most of the text messages were not work-related, the police department took disciplinary action against the officer. The officer then sued the city and its police department alleging that the department's review of his text messages invaded his privacy. The United States Supreme Court assumed, without deciding, that the plaintiff had a reasonable expectation of privacy in text messages sent to him on an employer-provided pager. However, the Court ultimately upheld the police department's review of those messages as reasonable.
In summary, the Court ruled that employees have a legitimate expectation of privacy in employer-provided computer equipment, but that employer searches of such equipment are legally permissible so long as the employer (1) has a legitimate work-related reason for the search, and (2) the search was not excessively intrusive in light of that justification.
The district court concluded that the Quon case did not support Gary's claim that employees always have a legitimate expectation of privacy in their work-related computer equipment and cell phones that is violated whenever an employer examines the devices without consent.
(2) In United States v. Finley, 477 F.3d 250 (5th Cir. 2007), a criminal defendant challenged the denial of his motion to suppress text messages and call records which law enforcement officials had obtained through a warrantless search of his employer-issued cell phone. A federal appeals court ruled that the mere fact that the employer owned the phone and had access to its contents did not demonstrate that defendant had no expectation of privacy in his call records and text messages. In reaching its decision, the court specifically noted that the defendant had undertaken precautions to maintain the privacy of data stored on his phone and that "he had a right to exclude others from using the phone." However, unlike the defendant in Finley, Gary was no longer an employee of the company which owned the cell phone to which the text messages had been sent. In addition, he had no right to exclude others from accessing [his old] iPhone—which he did not own or possess and no longer had any right to access. Moreover, rather than undertake precautions to maintain the privacy of his text messages, he did just the opposite by failing to unlink his old iPhone from his Apple account, which, in turn, facilitated the transmission of those messages to an iPhone exclusively owned, controlled, and possessed by his former employer.
The district court also noted that Gary's privacy claim failed because he did not show any intrusion into a "place, conversation, or matter as to which the plaintiff has a reasonable expectation of privacy":
He cannot legitimately claim an expectation of privacy in [his old iPhone] which belongs to his former employer and to which he has no right to access. Nor can he claim a reasonable expectation of privacy with respect to his text messages, in general. The pleadings do not identify the contents of any particular text messages, and instead, refer generally to "private electronic data and electronic communications." This and other courts have concluded that there is no "legally protected privacy interest and reasonable expectation of privacy" in electronic messages, in general. Rather, a privacy interest can exist, if at all, only with respect to the content of those communications. In any event, even if Gary were claiming an expectation of privacy with respect to the specific content of his text messages (which he has not specified), the facts alleged demonstrate that he failed to comport himself in a manner consistent with an objectively reasonable expectation of privacy. By his own admission, he personally caused the transmission of his text messages to the [old] iPhone by syncing his new devices to his Apple account without first unlinking his [old] iPhone. As such, even if he subjectively harbored an expectation of privacy in his text messages, such expectation cannot be characterized as objectively reasonable, since it was Gary's conduct that directly caused the transmission of his text messages to the defendant in the first instance … .
Gary also does not specify whether his claim is predicated upon text messages sent by him, received by him, or both. With respect to messages he transmitted, there is authority finding that a plaintiff has no reasonable expectation of privacy in messages sent to third parties … because he relinquished control of them once they were transmitted … .
The facts alleged in Gary's counterclaim are insufficient to show that the defendant intruded into his privacy in a manner highly offensive to a reasonable person. Invasions of privacy must be sufficiently serious in their nature, scope, and actual or potential impact to constitute an egregious breach of the social norms underlying the privacy right. In addition, the plaintiff must show that the use of his information was highly offensive … . Here, Gary alleges only that the defendant acted in a "highly offensive" manner by "accessing, intercepting, monitoring, reviewing, storing and using [his] post-employment private electronic data and electronic communications without [his] knowledge, authorization or consent as part of an unreasonably intrusive and unauthorized investigation into his post-employment conduct." He offers no factual support for these conclusory assertions. In particular, he provides no details regarding the specific conduct by the defendant that amounts to "accessing, intercepting, monitoring, reviewing, storing and using [his] post-employment private electronic data and electronic communications." He also fails to offer any facts to establish that the defendant's use of the intercepted communications was highly offensive. The possibility that the defendant may have reviewed text messages sent to a cell phone which it owned and controlled—without more—is insufficient to establish an offensive use.
What this means for churches
This case illustrates the following points:
1. Employees have a legitimate expectation of privacy in employer-provided computers and cell phones, meaning that an employer may be liable on the basis of invasion of privacy for nonconsensual searches of such equipment.
2. But this expectation may be superseded in a couple of situations: First, the employer has a legitimate work-related reason for the search, and the search was not excessively intrusive in light of that justification. This was the conclusion reached by the United States Supreme Court in the Quon decision. Second, an employee's expectation of privacy in an employer-provided computer or cell phone is diminished, if not lost, when the employee's employment relationship is terminated.
3. An employee's expectation of privacy in employer-provided computers and cell phones ordinarily is lost if the employee consents to a search. Consent may occur in two ways. The Supreme Court noted in the Quon case that the city's computer policy was evidence that its inspection of pager messages was "not excessively intrusive." This is an important reason for churches to adopt a computer policy that informs employees that computers, pagers, and cell phones provided by the church are subject to inspection, and that clarifies that employees have no expectation of privacy with respect to the content of such devices.
The Supreme Court did not say that the mere existence of such a policy will be conclusive evidence that an employer's inspection of such devices will be reasonable. The contents of the policy, and the circumstances of each case, must be considered. But, churches will be in a better legal position with such a policy than without one.
Note that a computer policy authorizing employer searches of its equipment may not be legally enforceable if the policy is applied to employees hired prior to the creation of the policy. This is due to the contractual requirement of consideration. In order for a new policy to be enforceable, each party must receive something of value ("consideration") in exchange for his or her commitment to be bound by the policy. The requirement of consideration is what distinguishes contracts from gifts. In a gift, the recipient receives the benefit of the donated property without any value provided in return to the donor.
In the employment context, the commitment by employees to be bound by an employer's employment policies, including a computer policy, requires that they receive something of value ("consideration") in exchange for their commitment. When employees are hired, the fact of employment can constitute valid consideration for their commitment to be bound by the employer's employment policies, especially if this is properly articulated in documentation signed by the employees. Ideally, employees will sign a statement at the time of hire affirming that, in consideration of being hired, they agree to be bound by the current employee policy manual and any changes thereto. Before using this technique, be sure to consult with legal counsel in your state.
4. Some church employees own a laptop computer that they use, either occasionally or regularly, in their church office. The expectation of privacy is even higher for such computers, since they are owned by the employees. Sunbelt Rentals, Inc. v. Victor, 2014 WL 4274313 (N.D. Cal. 2014).